Article 4 vs Article 26: AI literacy and human oversight, side by side
Temja·June 18, 2026· 7 min read
the short version
- →Article 4 is the floor. Everyone who uses AI on your behalf must be AI literate, in proportion to their role.
- →Article 26 is the gate. For high-risk systems, a trained and empowered human overseer is a precondition of running the system at all.
- →Article 4 applies to almost every company. Article 26 kicks in only when you deploy an Annex III high-risk system.
- →One is a baseline you spread wide. The other is a specific job you assign to named people with real authority to stop the machine.
People often treat these two articles as the same rule said twice. They are not. Article 4 and Article 26 answer different questions. One asks whether your people understand the AI they touch. The other asks whether a specific human can step in and overrule a high-risk system before it does harm. Getting the difference right saves you from either under-training your whole company or over-engineering oversight where you do not need it.
Article 4: make everyone literate
Article 4 has applied since 2 February 2025. It asks providers and deployers to ensure a sufficient level of AI literacy among staff and anyone else operating AI on their behalf. That last phrase reaches contractors and service providers too. Literacy here is defined in Article 3(56): the skills and understanding that let people make informed use of AI and stay aware of its risks.
The key word is everyone. If a marketing assistant uses a chatbot to draft copy, they are in scope. If a finance clerk pastes an invoice into an AI tool, they are in scope. Article 4 does not care whether the system is high-risk. It cares that the human using it can tell when something looks wrong.
Article 4 is a floor, not a ceiling
It sets a baseline of understanding across your whole organisation. The level scales with the person's role, but nobody who touches AI is exempt.
Article 26: assign a real overseer
Article 26(2) is narrower and much sharper. When you deploy a high-risk AI system, you must assign human oversight to people who have the competence, training and authority to carry it out, and you must give them the support to do it. This sits alongside Article 14, which requires that high-risk systems are built so a human can oversee them in the first place.
Read the three words together. Competence and training are the literacy part. Authority is the new part. An overseer who understands the system but cannot stop it is decoration. Article 26 wants a named person who can pause, override, or switch off the machine, and who will not be punished for doing so.
Oversight is a precondition, not a nice-to-have
For any Annex III high-risk deployment, hiring, credit scoring, essential services, education, or biometric ID, a trained and empowered overseer must be in place before the system runs. No overseer, no lawful deployment.
Side by side
The fastest way to see the split is to put the two duties in one table.
| Article 4 | Article 26 | |
|---|---|---|
| What it is | AI literacy duty | Human oversight duty |
| Who it covers | Everyone using AI on your behalf | Named overseers of high-risk systems |
| When it applies | Any AI use, since Feb 2025 | Annex III high-risk deployments |
| The ask | Sufficient understanding to use AI safely | Competence, training, and authority to intervene |
| Failure mode | Staff cannot spot a risk | Nobody can stop the system in time |
| Analogy | Everyone gets road-safety sense | A qualified driver holds the wheel |
Where they meet
The two are not rivals. Article 4 is the ground your Article 26 overseers stand on. You cannot assign competent oversight of a hiring model if your organisation has no baseline literacy to draw from. In practice, most companies build one literacy programme, then layer a deeper oversight track on top for the handful of people who watch high-risk systems.
There is one more reason authority matters so much. High-risk decisions are often hard to undo. A rejected loan, a screened-out job applicant, a flagged identity: these are not easily reversed once the system acts and the moment passes. The overseer's power to pause exists precisely for actions like these. Try sorting a few actions below by how easily they can be taken back.
For each action, decide: could you take it back if it were wrong?
If an action sits on the one-way-door side, the case for a trained, empowered human in the loop gets stronger. That is the logic Article 26 encodes. The harder something is to reverse, the more you want a competent person able to stop it.
A simple way to decide what you owe
- 1Map every AI useList where AI touches your work and who operates it. All of this falls under Article 4.
- 2Flag the high-risk onesCheck each use against Annex III. Hiring, credit, essential services, education, biometrics: those trigger Article 26.
- 3Assign named overseersFor each high-risk system, name the people who oversee it and confirm they can actually intervene.
- 4Prove bothKeep evidence that your staff are literate and that your overseers are trained and empowered.
The one-line difference
Article 4 asks: does this person understand the AI? Article 26 asks: can this person stop it? You need a yes to the first from almost everyone, and a yes to both from your high-risk overseers.
take these with you
- 01Article 4 is a broad literacy floor that has applied since February 2025 and covers nearly everyone.
- 02Article 26 is a targeted oversight gate for high-risk systems, and it adds authority to competence and training.
- 03The two work together: literacy is the base, oversight is the specialised role built on top.
- 04For actions that are hard to reverse, a trained overseer who can stop the system is the whole point.
Questions people ask
Is Article 26 just a stricter version of Article 4?
No. Article 4 is a broad literacy duty for everyone using AI. Article 26 is a specific oversight duty for high-risk systems, and it adds authority to intervene, which Article 4 does not require.
Does every company need to meet Article 26?
Only if you deploy an Annex III high-risk AI system, such as one used in hiring, credit scoring, essential services, education, or biometric identification. Article 4 applies far more widely.
What does authority mean in Article 26?
It means the overseer can actually pause, override, or stop the system, and has organisational backing to do so without being overruled or penalised. Understanding alone is not enough.
Can one training programme cover both?
Often a shared literacy programme covers Article 4, with a deeper oversight track layered on top for the people who watch high-risk systems. Temja helps you build and evidence both, but does not certify legal compliance.
from reading to reflex
See what trained behaviour looks like.
Run the 3 minute drill. No sign up, no card. Meet the poisoned invoice and find out if you reach stop in time.
keep reading